Hello, 

I have an ER7212PC, 3 EAP615 APs and an EAP655 setup and working with a default LAN 192.168.0.0/19 with wired and wireless clients, and an SSID to provide isolated guest access to the internet WAN. The wired printer has a reserved IP address. Clients on my default LAN can discover and print to my wired printer; on the guest SSID they cannot.

I want to offer wireless access that provides client isolation and internet plus discoverable access to a wired network printer on my default LAN. Are there any examples that I can follow to achieve this, at least for iOS and Android clients?

To try to do this I have created an isolated/guest LAN on 192.168.255.128/25 (used only by wireless clients on SSID PrinterGuests, or via PPSK). These clients have only internet WAN access and are isolated from each other and other LANs by a pair of EAP ACLs. I've tried to create EAP ACLs to allow access to the open TCP ports on the printer but I cannot access the printer in my testing. Am I on the right track, or are there any other approaches?

===

Edit:

The rules above allow me to access the printer web configuration from the internet+print SSID using a web browser on port 80 or 443, but if I try to manually add the printer to the Epson app on Android it fails with the message "Communication Error. Check the network settings for this device." And, it isn't discovered in any iPad or Android app 🤷‍♀️